Their site is working for me.
Forum just came back for me now hmmm Got 10 VestaCP servers exploited - Page 44 - Vesta Control Panel - Forum fresh install and still infected ?
Misinformation i bet. He was not infected and right after update he got it? People that were infected, cleaned the Trojan and updated, are not complaining about a new infection.
well not good news from Patrick Williams a well known security person from Rack911. Well good in that VestaCP devs now have a chance to patch these up. VestaCP zero-day exploit | Web Hosting Talk VestaCP hit with zeroday exploit [Patch Released, Unclear If Resolved] - Page 4
In VestaCP forum, many people were saying something related to roundcube, that it seemed the exploit was from there. VestaCP installs Roundcube. Coincidence or not, yesterday Roudcube released a security update for an injection vulnerability:
From that news and Patrick's i think there's multiple root level exploits in VestaCP so a multi vector attack is probably most likely - all leading to compromise. Will be interesting to see what is revealed vulnerability wise after VestaCP patches everything.
Patrick's VestaCP security vulnerability report is being sent to VesatCP folks today VestaCP hit with zeroday exploit [Patch Released, Unclear If Resolved] - Page 5 a bit of a clue as to where some of the vulnerabilities are
Yup VestaCP hit with zeroday exploit [Patch Released, Unclear If Resolved] - Page 5 edit: just re-read that last line so there's more to come !
@eva2000 are you registered in lowendtalk? Im not and they ask for review. I posted what patrick said in Vesta forum and i received one PM from one of their Dev's with: Can you pass this message to Patrick?
@Revenge looks like VestaCP hacked again ? VestaCP again hacked. UPDATE IMMEDIATELY! ? Seems VestaCP has updated to fix the security issue though 0.9.8-22 (security) - Vesta Control Panel - Forum believe same ones at [CLOSED] [Urgent!] Critical Security issue in VestaCP - Vesta Control Panel - Forum have been HACKED ! by xaxaxa.eu - Vesta Control Panel - Forum ouch according to VestaCP again hacked. UPDATE IMMEDIATELY!
Yep, it seems. I also noticed now the .21 update was the one that fixed the 6 securities issues the other guy discovered.
Yeah supposedly fixed IIRC. I updated my VestaCP install from LEMP comparison testing as well to .22. looks like the v-list-sys-vesta-update script doesn't like being run via full path as opposed to within the script's directory Code (Text): /usr/local/vesta/bin/v-list-sys-vesta-updates /usr/local/vesta/bin/v-list-sys-vesta-updates: line 16: /func/main.sh: No such file or directory /usr/local/vesta/bin/v-list-sys-vesta-updates: line 17: /conf/vesta.conf: No such file or directory PKG VER REL ARCH UPDT DATE --- --- --- ---- ---- ---- vesta 0.9.8 22 amd64 yes 2018-06-24 vesta-php 0.9.8 21 amd64 yes 2018-06-10 vesta-nginx 0.9.8 21 amd64 yes 2018-06-10 some web hosts reported their customer's VestaCP installs has been affected by this security issue [Security fix] Running VestaCP? Make sure to update! | Web Hosting Talk
@Revenge did VestaCP get hacked again Vestacp got hacked/vulnerable ? I can't load their forums now as malware bytes is blocking their domain
Heads up to anyone using VestaCP or migrated data from VestaCP to Centmin Mod, that their initial VestaCP installs might have been compromised and if they were you could of migrated compromised data from VestaCP to Centmin Mod. Seems From May 31 to June 13, VestaCP Ubuntu installer was sending admin passwords back to VestaCP.com servers and were done so in clear plain text unencrypted too. Apparently, VestaCP.com servers were hacked. All VestaCP installations being attacked - Page 17 - Vesta Control Panel - Forum All VestaCP installations being attacked - Page 18 - Vesta Control Panel - Forum All VestaCP installations being attacked - Page 19 - Vesta Control Panel - Forum from All VestaCP installations being attacked - Page 19 - Vesta Control Panel - Forum
hmm does that mean their Github account was hacked/compromised or the computer that pushed code to Github account was hacked I wonder ? Sounds like they compromised the vestacp.com domain hosted server(s) too then. Probably all stemmed from their vestacp.com hosted servers all running vestacp would itself got hacked/compromised and it snowballed from there!. That's ALOT of compromising all round! Though VestaCP saying otherwise Sounds like VestaCP should always force end users to change admin password/credentials on first log in and not rely on the generated logins created by VestaCP. Though that can open up end users choosing even less secure/weak login passwords than the auto generated ones. Incidents like these always prompt me to think about Centmin Mod's own security - so more ideas for stuff to implement myself